Getting agreement on many of them has proved controversial, attracting
adverse media coverage, and time-consuming (involving the European
Parliament and the European Court of Justice) so now the EU and
the USA want to conclude a long-term general agreement
covering all future exchanges of personal data concerning any
criminal offence however minor.

The Commission's Explanatory
Memorandum and Mandate sent to the Council are below. The Decision
agreed by the Council of the European Union in December 2010
is not available.

The European Data Protection
Supervisor (EDPS), among others, is concerned that any agreement
with the USA in advance of the EU's comprehensive review of data
protection - which has only just been launched and is expected
to take up to two years to complete - will undermine and influence
the review.

The process underway is that
the European Commission negotiates with the US side, in secret,
based on the mandate in the Council Decision (not public). Agreement
is reached and parliaments and people are presented with the
end result - the European Parliament will seek to take a view
and call for changes if necessary.

The proposals are not limited
to law enforcement agencies exchanging personal data and intelligence
on terrorism and serious organised crime but cover all crime,
however minor.News

"On 2
June 2016, the European Union and the United States of America
signed the so-called "Umbrella agreement" which puts
in place a comprehensive high-level data protection framework
for criminal law enforcement cooperation...

"Next
step: After the signature and before the agreement can be finally
concluded, the European Parliament will need to give its consent."

The "Umbrella
Agreement" on the exchange of personal data - its Scope
(Art 1): covers:

"The
purpose of this Agreement is to ensure a high level of protection
of personal information and enhance cooperation between the United
States and the European Union and its Member States, in relation
to the prevention, investigation, detection or prosecution of
criminal offenses, including terrorism."

Today EPIC filed
a brief in a case before the European Court of Human Rights.
The case involves a challenge brought by 10 human rights organizations
arguing that surveillance by British and U.S. intelligence organizations
violated their fundamental rights. In its brief, EPIC explained
that the NSA's "technological capacities" enable "wide
scale surveillance" and that U.S. statutes do not restrict
surveillance of non-U.S. persons abroad. "The NSA collects
personal data from around the world and transfer that data without
adequate legal protections." EPIC routinely files amicus
briefs in federal and state cases that raise novel privacy issues.
This is EPIC's first brief for the Court of Human Rights in Strasbourg.
[emphasis added]

"The Judicial Redress
Act of 2015, which amends the Privacy Act of 1974, has been passed
by Congress and moved on to the President for signature. The
Act fails to extend Privacy Act protections to non-US citizens,
and as adopted coerces EU countries to transfer data to the US.."

"The
European Commission is dealing with challenges on another EU-U.S.
data sharing deal: the Parliament legal service and MEPs argued
that the so-called Umbrella Agreement, which will be brought
into being with the signature of the Judicial Redress Act, does
not comply with EU law."

"Too little has been
done to safeguard citizens' fundamental rights following revelations
of electronic mass surveillance, say MEPs in a resolution voted
on Thursday. They urge the EU Commission to ensure that all data
transfers to the US are subject to an "effective level of
protection" and ask EU member states to grant protection
to Edward Snowden, as a "human rights defender". Parliament
also raises concerns about surveillance laws in several EU countries.

This resolution, approved by 342 votes to 274, with 29 abstention"

Europe
Is Spying on You
(nytimes.com, link): article on the threats of surveillance law
just published by the Council of Europe Commissioner for Human
Rights, Nils Muiznieks, in the New York Times: "When
Edward Snowden disclosed details of Americas huge surveillance
program two years ago, many in Europe thought that the response
would be increased transparency and stronger oversight of security
services. European countries, however, are moving in the opposite
direction. Instead of more public scrutiny, we are getting more
snooping."

"We believe the following
aspects of the Umbrella Agreement violate, or are likely to lead
to violations of, the Treaties and the EU Charter of Fundamental
Rights:

The Umbrella Agreement appears
to allow the sharing of data sent by EU law enforcement
agencies to US law enforcement agencies with US national security
agencies (including the FBI and the US NSA) for use in the latters
mass surveillance and data mining operations; as well as the
onward transfer of such data to third parties,
including national security agencies of yet other (third)
countries, which the Agreement says may not be subjected to generic
data protection conditions

The Agreement should therefore,
in our view, cannot be approved by the European Parliament in
its present form

"Peter
Hustinx, EDPS, said: "The rights of EU citizens to the protection
of their privacy and personal information are enshrined in EU
law. The mass surveillance of EU citizens by US and other intelligence
agencies disregards these rights. As well as supporting a privacy
act in the USA, Europe must insist on the strict enforcement
of existing EU legislation, promote international privacy standards
and swiftly adopt the reform of the EU data protection Regulation.
A concerted effort to restore trust is required. " who also comments:

"It is...
essential that progress is made quickly to thwart the attempts
serving political and economic interests to restrict the fundamental
rights to privacy and data protection."

"A delegation from the
civil liberties committee visited Washington DC last week to
find out the latest information on issues such as data protection
and legislation on surveillance activities from their American
counterparts. The MEPs also provided updates on the EU's data
protection reform and on counter-terrorism initiatives, including
the passenger name records (PNR) proposal"

See also:Close your Facebook
account is you do not want to be spied on: EU-US
data pact skewered in court hearing (euobserver, link)
Extraordinary statement by Commission lawyer in Court of European
Justice (CJEU):

"A lawyer for the European
Commission told an EU judge on Tuesday (24 March) he should close
his Facebook page if he wants to stop the US snooping on him,
in what amounts to an admission that Safe Harbour, an EU-US data
protection pact, doesnt work.

You might consider closing
your Facebook account, if you have one, European Commission
attorney Bernhard Schima told attorney-general Yves Bot at the
European Court of Justice in Luxembourg."

"the
US side has a mandate for an Executive agreement
that does not change existing US law, nor create any new rights"

"The
US has rejected the idea to apply the agreement also to data
transferred from private parties in the EU to private parties
in the US and subsequently processed for law enforcement purposes
by US competent authorities."

"a
non-discrimination clause, i.e. the application of data protection
principles to all data subjects regardless of nationality and
place of residence, was discussed. The US is cautious on this
as it is linked to the personal scope of protection under the
Privacy Act, which is limited to US citizens and permanent residents."

"The
US side however acknowledged that no judicial redress is available
to non-US individuals who seek correction of their data without
having suffered harm. Further discussion is needed."

"data
retention, the US side appears to oppose a general obligation
enshrined in this agreement to define appropriate retention periods
whenever data sharing is agreed (specific agreements, unilateral
condition by sending authority), arguing that such limits should
be determined by the recipient party's domestic law."

"On
purpose limitation (and further use of data), the US envisages
to specify the purpose of data processing and further use in
the "umbrella" agreement itself and to conceive it
widely. This would result that in principle all data could be
used for prevention, detection, suppression, investigation or
prosecution of criminal offences, protection of public security,
for directly related non-criminal and administrative proceedings,
or for any other purpose if prior consent is given by the sending
authority."

"The European
Union would apply these principles for "law enforcement
purposes", meaning use for the prevention, detection, investigation
or prosecution of any criminal offence." and: "The United States
would apply these principles for 'law enforcement purposes',
meaning for the prevention, detection, suppression, investigation,
or prosecution of any criminal offence or violation of
law related to border enforcement, public security, and national
security, as well as for non-criminal judicial or administrative
proceedings related directly to such offences or violations."
(emphasis added)

European Parliament: Working
document no 1 (pdf) and Working
document no 2 (pdf): Public Hearing: Data Protection
in a transatlantic perspective, 25 October 2010 (link)European Data Protection Supervisor and Article
29 Working Party on data protection

"the
Working Party is however concerned about the possible outcome
of the negotiations. It therefore urges the Commission, the Council
and the European Parliament to ensure a strict and far reaching
negotiating mandate, to obtain a high level of data protection.
Coherence is needed in light of current developments, including
the review of the EU data protection legal framework and the
proposed negotiations with the US on a new PNR agreement."

&COPY;
Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair
dealing" is allowed. We also welcome links to material on
our site. Usage by those working for organisations is allowed
only if the organisation holds an appropriate licence from the
relevant reprographic rights organisation (eg: Copyright Licensing
Agency in the UK) with such usage being subject to the terms
and conditions of that licence and to local copyright law